authorJoakim Erdfelt2015-02-23 21:57:22 +0000
committerJoakim Erdfelt2015-02-23 21:57:22 +0000
commit3e7b5f0fa918633ec24bd1bc23d6ee76d32c7729 (patch)
treee6766d38fc442b16284904636d6ba5aae2866442 /jetty-http/src
parent4df5647f6dfdc5fa7abb812afe9290d60b17c098 (diff)
460642 - HttpParser error 400 can expose previous buffer contents in HTTP status reason message
+ Simplifying behavior
Diffstat (limited to 'jetty-http/src')
-rw-r--r--jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java66
1 files changed, 3 insertions, 63 deletions
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java
index cd660da660..13862d0c4c 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpParser.java
@@ -1709,69 +1709,9 @@ public class HttpParser
{
private IllegalCharacterException(State state,byte ch,ByteBuffer buffer)
{
- super(String.format("Illegal character 0x%X in state=%s for buffer %s",ch,state,toDebugString(buffer)));
- }
-
- /**
- * This is an HttpParser safe version of {@link BufferUtil#toDetailString(ByteBuffer)}.
- * <p>
- * Which will only show the parsing state (what has been parsed, what is being parsed, and what is coming up),
- * while not showing what is past the {@link ByteBuffer#limit()}.
- *
- * @param buffer
- * @return
- */
- private static String toDebugString(ByteBuffer buffer)
- {
- if (buffer == null)
- {
- return "<null>";
- }
-
- StringBuilder buf = new StringBuilder();
-
- buf.append('"');
-
- for (int i = 0; i < buffer.position(); i++)
- {
- appendContentChar(buf,buffer.get(i));
- if (i == 16 && buffer.position() > 32)
- {
- buf.append("...");
- i = buffer.position() - 16;
- }
- }
- buf.append("<<<");
- for (int i = buffer.position(); i < buffer.limit(); i++)
- {
- appendContentChar(buf,buffer.get(i));
- if (i == buffer.position() + 16 && buffer.limit() > buffer.position() + 32)
- {
- buf.append("...");
- i = buffer.limit() - 16;
- }
- }
- buf.append(">>>\"");
-
- // ignore content beyond limit()
-
- return buf.toString();
- }
-
- private static void appendContentChar(StringBuilder buf, byte b)
- {
- if (b == '\\')
- buf.append("\\\\");
- else if (b >= ' ')
- buf.append((char)b);
- else if (b == '\r')
- buf.append("\\r");
- else if (b == '\n')
- buf.append("\\n");
- else if (b == '\t')
- buf.append("\\t");
- else
- buf.append("\\x").append(TypeUtil.toHexString(b));
+ super(400,String.format("Illegal character 0x%X",ch));
+ // Bug #460642 - don't reveal buffers to end user
+ LOG.warn(String.format("Illegal character 0x%X in state=%s for buffer %s",ch,state,BufferUtil.toDetailString(buffer)));
}
}
}
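Review bot: The added `LOG.warn(...)` line still dumps the parse buffer through `BufferUtil.toDetailString(buffer)`, and the removed Javadoc describes the deleted `toDebugString` as the variant that did not show bytes past `limit()`, so the log may now receive the same stale buffer contents that bug 460642 removed from the 400 reason. Any client can trigger this with a malformed request, so each bad byte writes a WARN entry holding request data (possibly headers or credentials left over from earlier use of the buffer), which turns the server log into a sensitive store and lets remote input inflate it. Consider gating the detail on debug, e.g. `if (LOG.isDebugEnabled()) LOG.debug(String.format("Illegal character 0x%X in state=%s for buffer %s",ch,state,BufferUtil.toDetailString(buffer)));`, and keeping at most a buffer-free warning. Logging from inside the exception constructor also means the entry is written even when a caller catches and handles the exception. The constructor is fully visible, but the enclosing class declaration starts above the hunk.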
